DL6ER
563cba7ec1
Removed superfluous "http://" strings
2016-12-27 17:28:57 +00:00
DL6ER
72befd7207
Only half of the work was done ;-)
2016-12-27 17:23:54 +00:00
Mcat12
2254af713b
Allow custom port in CORS check
2016-12-27 11:39:47 -05:00
DL6ER
623ef322e4
Add support for port != 80
2016-12-21 20:45:02 +01:00
Mcat12
ebe310d1db
Correctly parse IPV4_ADDRESS in setupVars for CORS
...
Often there's a `/24` at the end of the IP, so we need to ignore
that.
2016-12-21 12:32:36 -05:00
Mcat12
8b59998299
Use IPv4 from setupVars for CORS
2016-12-21 12:08:19 -05:00
DL6ER
e188cb6fbc
Revert "Merge pull request #267 from pi-hole/folderStructure"
...
This reverts commit fba3d10fa4, reversing
changes made to 4ee75f4167.
2016-12-21 17:16:52 +01:00
Mcat12
d1da1de597
Move PHP scripts to scripts folder
2016-12-19 19:44:51 -05:00
DL6ER
1068ed82b1
Add hostname to allowed domains
2016-12-16 21:36:26 +01:00
Mcat12
8cf7e262a2
Remove CORS skip log message
...
It can fill up the error log really quickly, since this function is now used on all pages. Most of these pages are not able to be protected by CORS but can still be protected by the Host check.
2016-12-10 11:47:47 -05:00
Mcat12
0dec4b8aa0
Protect Enable/Disable with a CSRF token check
...
The token is now added for all pages.
2016-12-04 13:16:45 -05:00
Mcat12
40c6ee9f5a
Remove strict flag and change Host check
...
Since the Host header is easily manipulated, we can only check if
it's wrong and can't use it to validate that the client is authorized,
only unauthorized. There's no need for the strict flag anymore
because of this.
2016-12-02 16:06:43 -05:00
Mcat12
591bc2c3f5
Change another else for codacy
2016-11-20 18:23:18 -05:00
Mcat12
2989709a23
Re-arrange check_cors if statements for codacy
2016-11-20 18:11:02 -05:00
Mcat12
b2b93e90b3
Add flag for strict CORS
...
Prevents enable/disable from requests without CORS info
2016-11-17 16:47:14 -05:00
Mcat12
d2fcc36341
Require CORS check on all admin pages
...
This is mainly added so that an ad can't enable/disable the Pi-hole
by simply loading a url like `http://pi.hole/admin/index.php?disable`
2016-11-07 21:10:36 -05:00
Adam Warner
b9f186befb
Revert "set default time zone for date"
2016-10-18 15:52:58 +01:00
Mcat12
871bef985d
Add fallback hash_equals and use old array syntax
2016-10-13 16:25:05 -04:00
Jakob Ackermann
fb995872d1
run date command right before log event
2016-10-09 04:04:40 +02:00
Jakob Ackermann
9cd0f4b4fa
use output of command date as datestring
...
this will imply the system time zone. command date and the given format
are supported by the majority of linux distros
2016-10-09 03:06:09 +02:00
Jakob Ackermann
b73d6e0329
set default time zone for date
...
this prevents basic error messages from php(-cgi) for not setting the
timezone and then using UTC as default
2016-10-04 17:57:34 +02:00
brantje
4da38e5472
Check if a domain name is valid
2016-08-17 21:18:17 +02:00
diginc
f460607bde
semicolon because php
2016-07-18 21:38:48 -05:00
diginc
b6e177de6c
Set a default error log when empty
2016-07-18 21:04:17 -05:00
diginc
246599a0ba
Don't need docker server IP in here anymore
2016-07-08 08:23:12 -05:00
diginc
d1ef51a358
cleanup and tested on alpine/debian
2016-07-07 23:30:58 -05:00
diginc
657fb7badc
Fixes and refactoring WL/BL files more
...
* CORS was required to auth (bug) - fixed
* Logging defaults to the default lighttpd error log
* Overridable error log location to support alpine/nginx container or power users
* Put the repeated code into an include for sub/add, auth.php
* Error logs say what failed much better now
* VIRTUAL_HOST should theoretically allow custom hostnames for CORS
2016-07-07 00:28:28 -05:00